Software Integrity Blog

Author Archive

Robert Vamosi



Posts by Robert Vamosi:

 

ImageMagick vulnerability could allow remote attacks using malformed image files

A vulnerability in a popular software suite used to resize and reproduce image files in a variety of file formats could also allow remote command execution on a compromised web site.

Posted in Software Architecture and Design

 

Podcast: Software security and the connected car

Today the average new car has more lines of software code than has the Hubble Space Telescope, a Boeing 787 Dreamliner, and all the source code on your favorite social media app, Facebook, combined. And that’s just the beginning. In the not so distant future, your car will become no less than a mobile data center, capable of supporting a variety of new protocols.

Posted in Automotive Security

 

6 years later, ‘Stuxnet’ vulnerability remains exploited

In a recent report, Microsoft found that among the exploit-related malware families it detected during 2015 was a six-year-old vulnerability that was well publicized.

Posted in Internet of Things

 

Fitbit IoT bathroom scale hit with critical vulnerabilities

Users of Fitbit’s Aria internet-connected smart scales will need to install a firmware patch as a result of critical security flaws reported last week.

Posted in Internet of Things

 

Anti-virus scan shuts down medical device … During a procedure

In February 2016, a patient undergoing a routine cardiac catheterization procedure had to remain sedated five additional minutes while the device rebooted as the result of an anti-virus scan.

Posted in Medical Device Security

 

Podcast: Securing the supply chain through procurement language, Part 2

Until recently, there has not been real pressure to have supply chain software vendors attest to the validity of their wares. But with the introduction of software into automobiles, television sets, and medical devices, software integrity has taken on greater meaning. Many industries have specific hardware procurement requirements for parts introduced into their supply chains, but what about software?

Posted in Software Architecture and Design, Web Application Security

 

Satellite spins itself to destruction after receiving bad data

A Japanese X-ray telescope disintegrated in orbit after bad data in a software update package made it unstable.

Posted in General

 

German nuclear plant finds PCs full of viruses

More than a dozen common computer viruses have been found on PCs at one nuclear plant in Germany, according to its operator.

Posted in General

 

SWIFT interbank network patches software vulnerabilities

SWIFT, the Society for Worldwide Interbank Financial Telecommunication, has issued a patch after identifying a vulnerability that may have led to last month’s theft of $81 million from a Bangladesh Bank account at the New York Federal Reserve Bank.

Posted in Financial Services Security, Software Architecture and Design

 

As FDA medical device comment period ends, 2 healthcare organizations call for more standards

Two healthcare executive organizations are calling on the Food & Drug Administration (FDA) and the Department of Health and Human Services (HHS) to produce more guidance for medical device manufacturers.

Posted in Medical Device Security, Security Standards and Compliance